Introductio

n to Cyber
Security
(BETCK105I)
Module 1
Dr. Narender M
Dept. of CSE
The National Institute of
Engineering
 • Cybercrime: Definition and Origins of the
Word
• Cybercrime and Information Security
• Who are Cybercriminals?
Agenda • Classifications of Cybercrimes
• Cybercrime: The Legal Perspectives
• Cybercrimes: An Indian, Perspective
• Cybercrime and the Indian ITA 2000
• A Global Perspective on Cybercrimes
Cybercrime: Definition and Origins of the
Word

• Growth of Internet and

unrestricted access (billions of
devices)
• Cybercrime, is it new? First
recorded crime in 1980.
• Situation is India is not better.
 Definition

• A crime conducted in which a computer was directly

and significantly instrumental.

Alternative definitions
Definition and • Any illegal act where a special knowledge of
Origins of the computer technology is essential for its perpetration,
investigation pr prosecution.

Word • Any traditional crime that has acquired a new

dimension or order of magnitude through the aid of
a computer, and abuses that have come into being
(Continued) because of computer.
• Any financial dishonesty that takes place in a
computer environment.
• Any threats to the computer itself, such as theft of
hardware/software, sabotage and demands for
ransom.
 • Cybercrime is any illegal behaviour, directed by
means of electronic operations, that targets the
security of computer systems and the data
processed by them.
Definition • A crime committed using computer and the Internet
to steal a person’s identity or sell contraband or
and Origins stalk victims or disrupt operations with malevolent
programs.
of the Word • Crimes completed either on or with a computer.
(Continued) • Any illegal activity done through the Internet or on
the computer.
• All criminal activities done using the medium of
computers, the Internet, cyberspace and the WWW.
 • Synonyms: Computer-related crimes,
Computer crime, Internet crime, E-crime,
High-tech crime, etc.
Definition • Opportunities for exploitation due to
and Origins weakness in information security because of
exponential growth of Internet connection.
of the Word • Cybercrime may be internal or external.
(Continued) • Two types of attacks:
• Techno-crime
• Techno-vandalism
 Techno-crime
• Premeditated act against a system/s, with
the intent to copy, steal, prevent access,
Definition corrupt, deface or damage parts of the
computer system.

and Origins • 24x7 Internet connection makes this possible

for trained personals.

of the Word Techno-vandalism

(Continued) • Brainless defacement of websites, copying
files and publicizing contents and are
opportunistic in nature.
• Tight internal security and safeguards can
prevent it.
 • Cybercrimes differ from terrestrial crimes in
following ways:
• How to commit them is easier to learn.
• They require few resources relative to the
potential damage caused.
Definition • They can be committed in a jurisdiction without
being physically present in it.
and Origins • They are often not clearly illegal.
of the Word • Cyberterrorism
• Any person/group, with terrorist intent, utilizes
(Continued) access or aids in accessing a
computer/network /electronic system by any
means and engages in/attempts to engage in a
terrorist act.
• Cyberterrorists try to cause damage to the
intangible sensitive information.
 • Lack of information security gives rise to
cybercrimes.
• Indian Information Technology Act (ITA 2008)
defines Cybersecurity as “protecting information,
Cybercrime equipment, devices, computer, computer resource,
communication device and information stored from
and unauthorized access, use, disclosure, disruption,
modification or destruction”.
Information • Financial losses
Security • Difficult to predict the value of corporate data,
usually approximated.
• Most organizations restrain from reporting
incidents of cybercrimes.
Activity

• Lets Google “deepika padukone”, twice:

• Attempt 1: deepika padukone

• Attempt 2: deepika padukοne

• What if this happens with

https://www.onlinesbi.com/ ?
 • Cybercrimes involves child pornography,
credit card fraud, cyberstalking, defaming
others online, unauthorized access, ignoring
copyrights, software licensing, overriding
encryption to make illegal copies, software
Who are piracy, stealing identity, etc.
cybercriminals? • They can be categorized into three
categories:
• Type I: Cybercriminals – hungry for recognition
• Type II: Cybercriminals – not interested in
recognition
• Type III: Cybercriminals – the insiders
 Type I: Cybercriminals – hungry for recognition
• Hobby hackers
• IT professionals (social engineering)
• Politically motivated hackers
• Terrorist organizations
Type II: Cybercriminals – not interested in recognition
Who are • Psychological perverts
cybercriminals? • Financially motivated hackers (corporate espionage)
• State-sponsored hacking (national espionage,
(Continued) sabotage)
• Organized criminals
Type III: Cybercriminals – the insiders
• Disgruntled or former employees seeking revenge
• Competing companies using employees to gain
economic advantage
 Cybercrimes against individual.

Cybercrimes against property.

Classificatio
n of Cybercrimes against organization.
Cybercrime
s Cybercrimes against society.

Cybercrimes emanating from Usenet

newsgroup.
 • Cybercrimes against individual
• Email Spoofing and online fraud
Classificatio • Phishing
n of •
•
Spamming
Cyberdefamation
Cybercrime • Cyberstalking and harassment
s (Continued) •
•
Computer sabotage
Pornographic offenses
• Password sniffing
 • Cybercrimes against organization
• Unauthorized accessing of computer
• Password sniffing
• Denial-of-service attacks
• Virus attack/dissemination of viruses
Classificatio • E-mail bombing
n of • Salami attack
• Logic bomb
Cybercrimes • Trojan horse
(Continued) • Data diddling
• Crimes emanating from Usenet newsgroup
• Industrial espionage
• Computer network intrusions
• Software piracy
 • Cybercrimes against property
• Credit card frauds
• Intellectual Property (IP) crimes
Classificatio • Internet time theft
• Cybercrimes against society
n of • Forgery
Cybercrimes • Cyberterrorism
(Continued) • Web jacking
• Cybercrimes emanating from Usenet groups
• Carry offensive, harmful, inaccurate, deceptive
material.
 • E-mail Spoofing
• One that appears to originate from one source
but actually has been sent from another source.
Classificatio • Spamming
n of •
•
Electronic spam.
Sending unsolicited bulk messages.
Cybercrimes • Advertisers use it.
(Continued) • CAN-SPAM Act of 2003 (It gives recipients the
right to easily request that a business stop
sending them emails and outlines penalties for
violations.)
 • Spamming (Continued)
• Search engine spamming.
• Alteration or creation of a document with the intent to
deceive an electronic catalog.
Classificatio • Authors use subversive techniques to ensure that their
site appears more frequently.
n of • Web publishing techniques to be avoided are:
• Repeating keywords
Cybercrime • Use of unrelated keywords
• Use of fast meta refresh
s • Redirection
• IP cloaking (show different sides to different IPs)
(Continued) • Use of coloured text on same colour backgrounds
• Tiny text usage
• Duplication of pages with different URLs
• Hidden links
• Use of different pages that bridge to the same URL
Activity
How to check the reputation of a domain?
www.urlvoid.com

Probable Fake URL

https://passby.club/amazonEaster/tb.php?
_t=1618203451
 • Cyberdefamation
Classificatio • Defamation is the general term for a legal claim
involving injury to one's reputation caused by a
n of false statement of fact and includes both libel
(defamation in written or fixed form) and
Cybercrime slander (spoken defamation).
• If this happens online (electronic form), then it is
s known as Cyberdefamation.
(Continued) • Something is posted on social media site,
website or an email is sent with defamatory
contents.
 • Cyberdefamation (Continued)
• According to IPC Section 499:
• Applicable even to deceased person (family and
relatives are hurt).
Classificatio • Defamation of company or association or group of
n of people.
• Imputation (Accusation) in the form of an
Cybercrime alternative or expressed ironically.
• Anything that lowers the moral or intellectual
s character of person, lowers respect with respect
to caste or body of the person.
(Continued) • Even if there is no damage to a person’s
reputation, the person who made the
allegations may still be held responsible for
defamation.
Classificatio • Cyberdefamation (Continued)
• Balance between right to an unimpaired
n of reputation and the right to freedom of
Cybercrime expression.
• One may not even encounter a person or a
s company and may defame using Internet.
(Continued)
 • Internet Theft Time
Classificatio • Unauthorized person uses the Internet hours
paid for by another person.
n of • Person gets access to someone else’s ISP user ID
Cybercrimes and password without legit user’s knowledge.
• It comes under Identity Theft and come can be
(Continued) identified by frequency of recharge.
 • Salami Attack / Salami Technique
• Financial crime, make alteration so insignificant
Classificatio that in a single case if would go completely
unnoticed.
n of • Example: A bank employee executes a program
Cybercrimes on bank server to deduct Rs. 2 from all bank
accounts and transfer this to his account. If
(Continued) there were 10 Lakh account holder then the
total amount stolen will be Rs. 20 Lakh.
• What is this is repeated every month?
 • Data Diddling
• Altering raw data just before it is processed by a
computer and then changing it back after the
Classificatio processing is completed.
• Electricity boards example.
n of • Forgery
Cybercrimes • Counterfeit currency notes, postage and
(Continued) revenue stamps, marksheets etc, using
computers, printers and scanners.
• Booming business because of monetary amount.
 • Web Jacking
• Someone forcefully takes control of a website.
• Password is sniffed and the actual owner has no
Classificatio control over the website.

n of • Newsgroup spam/Crimes emanating from

Usenet Newsgroup
Cybercrimes • Excessive multiple posting (EMP).
(Continued) • Google groups because of all userbase.
• The first ever Usenet spam was “Global alert for
all: Jesus is coming soon”.
 • Industrial Spying / Espionage
• Spying is not limited to Govt, corporations aften
spy on the enemy (Competitors).
• Information about product finances, research
and development, and marketing strategy.
Classificatio • Public availability of trojans and spyware
n of materials, even low-skilled individuals can
generate high profit from Industrial spying.
Cybercrimes • These are targeted attacks.
• Organizations keep quite to avoid negative
(Continued) publicity.
• Israeli Trojan story: London based software
developer created a trojan to extract critical
data gathered from machines infected by this.
• Sold this trojan to companies in Israel.
 • Hacking
• Purpose of hacking
• Greed, Power, Publicity, Revenge, Adventure, Desire
to access forbidden information, Destructive mindset
Classificatio • Act committed toward breaking into a
computer/ network is hacking and it is an
n of offense.
Cybercrimes • Write programs or use ready made programs.
• Desire to destruct, enjoyment, monetary gains,
(Continued) extort money from corporates.
• Hackers, crackers, phrackers.
• “Hack” – elegant, witty or inspired way of doing
anything, originated from MIT.
 • Online Frauds
• Spoofing website, Email security alerts, hoax
emails about virus threats.
• Fraudsters create authentic looking websites
Classificatio that are spoof.
• Makes user to enter their personal and bank
n of information.
• Email spoofs – Link to spoofed sites, users enter
Cybercrimes username and password thinking it is legit site.
(Continued) • Virus hoax email, warnings may be genuine, but
verify link before clicking on it.
• Lottery frauds, deposit processing fee.
• Spoofing – illegal intrusion, posing as a genuine
user.
 • Pornographic Offenses
• Child pornography – visual depiction, including
but not limited to:
Classificatio • Any photograph considered as obscene, noy suitable
for child viewer.
n of • Film, video, picture.
• Computer-generated picture, use of minor engaging
Cybercrimes in sexually explicit conduct.
• Abusers are using Internet to reach children
(Continued) online.
• Pedophiles are people who physically or
psychologically coerce minors to engage in
sexual activities.
 • Pornographic Offenses (Continued)
• Pedophiles operate as follows:
1. Use false identity to trap children/teenagers.
2. Seek children online (Online gaming arenas)
Classificatio 3. They befriend children/teens.
n of 4. Extract personal information after gaining their
confidence.
Cybercrimes 5. Start other mode of communication, email,
(Continued) phone, etc.
6. Send pornographic images/text including child
pornographic images to create an illusion that
it is normal.
7. Meet them and sexually exploit them.
 • Pornographic Offenses (Continued)
Classificatio • Irony of digital world, how to identify and avoid
such people online?
n of • Parents and children must be educated about
the dangers and consequences of such acts.
Cybercrimes • Children’s Online Privacy Protection Act
(Continued) (COPPA).
• Software to block such sites.
 • Software Piracy
• Theft of software through the illegal copying of
genuine programs of the counterfeiting and
distribution of products intended to pass for the
Classificatio original.
• End-user copying, hard-disk loading with illicit
n of means, counterfeiting, illegal downloads from
the Internet.
Cybercrimes • Illegal copies:
(Continued) • Untested software
• May contain hard-disk infecting virus.
• No technical support in case of failure.
• No warranty protection.
• No legal right to use the product.
 • Computer Sabotage
• Use of the Internet to hinder the normal
Classificatio functioning of a computer system by introducing
n of worms, viruses or logic bombs.
• Gain economic advantage, promote illegal
Cybercrimes activities, steal data for extortion.
• Logic bombs are event dependent programs,
(Continued) created to do something only when a certain
event occurs.
 • Email Bombing
• Sending large number of emails to the victim to
crash victim’s email account or to make victim’s
mails servers crash.
• Computer program to repeat this task on a regular
Classificatio basis.
• Usenet Newsgroup as the Source of
n of Cybercrimes
Cybercrimes • Usenet is means of sharing and distributing
information on the web with respect to different
(Continued) topics.
• Distribution/sale of pornographic material.
• Distribution/sale of pirated software packages.
• Distribution of hacking software.
• Sale of stolen credit card numbers.
• Sale of stolen data/stolen property.
 • Computer Network Intrusions
• Hackers can break into computer systems from
anywhere in the world and steal data, plant
viruses, create backdoors, insert trojan horses,
Classificatio etc.
n of • Capture login id and password using program.
• Strong password and frequently change it.
Cybercrimes • Password Sniffing
(Continued) • Programs that monitor and record the name and
password of network users as they login.
• Use these credentials to access restricted
documents.
 • https://bit.ly/3bRvMeu

• I got this shortened URL on my

WhatsApp? Is it safe for me to visit
this?
Activity
• Lets find out. Visit
http://checkshorturl.com/ and
expand the URL.
 • Credit Card Frauds
• Security of cardholder data has been one of the
biggest issues among on the payment card
industry.
Classificatio • Millions of dollars are lost.
• Large database breaches.
n of • Identity Theft
Cybercrimes • Fraud involving other person’s identity for an
(Continued) illicit purpose.
• Obtaining credit, stealing money from victim’s
bank, credit card access, utility companies,
renting apartment, etc.
 • In most cybercrimes, computers and other
Classificatio devices are used as follows:
n of • Used as tool for committing cybercrimes.
• Crime involving attack against the computer.
Cybercrimes • Use for storing information related to
(Continued) cybercrime/info useful for committing
cybercrime.
 Cybercrime: The Legal Perspectives
Cybercrime: Criminal Justice Resource Manual (1979): any illegal act for which knowledge of
computer technology is essential for a successful prosecution.
International legal aspects study: encompass any illegal act for which knowledge of computer
technology is essential for its perpetration.
Cybercrime is an outcome of Globalization, globalized information systems.

One of the most globalized threat to the present and to the future.

Solution 1: Divide the information systems into segments bordered by state boundaries.

Solution 2: Incorporate legal system into an integrated entity obliterating these state
boundaries.
 India is the 2nd largest Internet user in the world.

Medium age is in 30s and most of the mobile users

use Internet.

Cybercrimes: Cybercrimes have also increased, and majority of

these crimes are committed by people aged 18 to 30.
An Indian Cybercrime police and Economic Offenses Wing.
Perspective
More and more police personals are being trained.

Handling a cybercrime case is different from handling

a traditional crime case.
 Cybercrime and the Indian ITA 2000
Section Offence Penalty
65 Tampering with computer source documents Imprisonment up to three years, or/and with fine up to ₹200,000
66 Hacking with computer system Imprisonment up to three years, or/and with fine up to ₹500,000
Receiving stolen computer or communication
66B Imprisonment up to three years, or/and with fine up to ₹100,000
device
66C Using password of another person Imprisonment up to three years, or/and with fine up to ₹100,000
66D Cheating using computer resource Imprisonment up to three years, or/and with fine up to ₹100,000
66E Publishing private images of others Imprisonment up to three years, or/and with fine up to ₹200,000
66F Acts of cyberterrorism Imprisonment up to life.
Publishing information which is obscene in
67 Imprisonment up to five years, or/and with fine up to ₹1,000,000
electronic form.
Imprisonment up to seven years, or/and with fine up
67A Publishing images containing sexual acts
to ₹1,000,000
Imprisonment up to five years, or/and with fine up to ₹1,000,000
Publishing child porn or predating
67B on first conviction. Imprisonment up to seven years, or/and with
children online
fine up to ₹1,000,000 on second conviction.
 Cybercrime and the Indian ITA 2000
(Continued)
Section Offence Penalty
67C Failure to maintain records Imprisonment up to three years, or/and with fine.
Imprisonment up to 2 years, or/and with fine up
68 Failure/refusal to comply with orders
to ₹100,000
69 Failure/refusal to decrypt data Imprisonment up to seven years and possible fine.
Securing access or attempting to secure access to a
70 Imprisonment up to ten years, or/and with fine.
protected system
Imprisonment up to 2 years, or/and with fine up
71 Misrepresentation
to ₹100,000
Imprisonment up to 2 years, or/and with fine up
72 Breach of confidentiality and privacy
to ₹100,000
Disclosure of information in breach of lawful Imprisonment up to 3 years, or/and with fine up
72A
contract to ₹500,000
Publishing electronic signature certificate false in Imprisonment up to 2 years, or/and with fine up
73
certain particulars to ₹100,000
Imprisonment up to 2 years, or/and with fine up
74 Publication for fraudulent purpose
to ₹100,000
 • Broad meaning of cybercrime provided by
Council of Europe’s Cyber Crime Treaty.
• Cybercrime is used as an umbrella term to refer
A Global to an array of criminal activity including offenses
against computer data and systems, computer-
Perspective on related offenses, content offenses and copyright
offenses.
Cybercrimes • Anti-spam legislation, technical solutions by ISPs
and end users.
• Growing spam usage for fraudulent activities,
masquerading trusted companies.
• International cooperation for the anti-spam law.
 • Cybercrime and the extended enterprise
• Average user is not adequately educated to
understand the threats and how to protect
oneself.
A Global • Threats and opportunities that “connectivity”
Perspective on and “mobility” presents.
• Extended enterprise: A company is not just
Cybercrimes made of its employees, board members and
(Continued) executives, but also its business partners,
suppliers and customers.
• It can be successful if all entities have the
information needed to do business.
• Interconnected for seamless flow of
information.
• Global cybersecurity can be achieved using
coordinated efforts.
 • Cybercrime era: Survival Mantra for the
Netizens
• Netizens are Internet users, has a
A Global considerable amount of online presence.
• 5P mantra – Precaution, Prevention,
Perspective on Protection, Preservation, Perseverance.
Cybercrimes • Stranger is danger.
(Continued) • Protect customer’s data, employee’s
privacy and company.
• Matters of cybercrimes must be
immediately reported.
• Users must save electronic information
trail on their computers.
• ITA 2000 and its abuse.
Reading Activity (Recent Cybercrimes)
• https://timesofindia.indiatimes.com/topic/
Cyber-crime/news
End of Module 1